[anti-abuse-wg] ICANN's "Money Grab"
- Previous message (by thread): [anti-abuse-wg] ICANN's "Money Grab"
- Next message (by thread): [anti-abuse-wg] ICANN's "Money Grab"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Michele Neylon - Blacknight
michele at blacknight.com
Sat Oct 31 15:52:20 CET 2015
On 30/10/2015, 7:37 p.m., "anti-abuse-wg on behalf of Ronald F. Guilmette" <anti-abuse-wg-bounces at ripe.net on behalf of rfg at tristatelogic.com> wrote: > >In message <3469D4B3-C08D-4DFF-A271-587C8EE818DC at blacknight.com>, >Michele Neylon - Blacknight <michele at blacknight.com> wrote: > >>There's little point in pointing out the flaws in your argument, as >>you seem to view any facts that do not fit with your view as being invalid. >> >>As has been pointed out to you in the past, the 2013 RAA was NOT welcomed >>by registrars. > >Please correct me if I'm wrong, but you, Mr. Neylon, *are* the head of >one of the registrar companies that has a direct financial interest in >this matter, right? Is that correct is it not? Blacknight is a registrar and hosting provider. > >Also, while researching this topic (2013 RAA) I came upon the following >document which describes you as having been the "chair of the Registrars >Stakeholder Group", which "negotiated" against ICANN the terms of the >2013 RAA contract. Is that true also? Not really. I am currently the Chair of the Registrar Stakeholder Group. I was not Chair during the negotiations of the 2013 RAA so I was not directly involved in the negotiations with ICANN > > http://domainnamewire.com/tag/michele-neylon/ > >Your opinions on this matter may perhaps have some validity, but >you are not exactly a totally uninterested and unbiased observer, >are you? I never said I was. > >In fact, prior to the finalization of the 2013 RAA, you personally were >doing all you could to make your views known to the widest possible >audience, in particular your view that the responsibilities assigned >to registrars, in particular, for insuring the accuracy of WHOIS data >should be minimized. You _did_ write the following, didn't you? Yes of course I did > > http://blog.blacknight.com/dont-make-us-treat-our-customers-like-criminals.html > >To be clear, in case I wasn't already, I take exception to the extremely >weak terms and conditions of the 2013 Registrar Accreditaion Agreement... >terms and conditions which, it appears, you yourself negotiated against >ICANN to weaken and minimize on behalf of the Registrars Stakeholder Group, >of which you were Chairman. As already stated I wasn’t Chair. > >Specifically, and in particular, I take exception to the wording >of sub-section 1.e of what is humorously called the "WHOIS ACCURACY >PROGRAM SPECIFICATION" portion of the 2013 RAA terms and conditions >which requires registrars to do the following: > > e. Validate that all postal address fields are consistent across > fields (for example: street exists in city, city exists in > state/province, city matches postal code) where such information > is technically and commercially feasible for the applicable country > or territory. > >Is this is a joke? Who decides what is or isn't "commercially feasible"? >Obviously, the registrars themselves... the foxes guarding the henhouse. >So all any registrar has to do in order to opt-out completely from this >phony baloney "requirement" is simply to assert the CLAIM that FOR THEM, >individually, the above requirement is not "commercially feasible". Is >that not correct? > >How many registrars are actually checking EVEN and ONLY that the postal >addresses in WHOIS records are even just valid postal addresses? > >I am *not* asking how many registrars check that the postal addresses >in WHOIS records are actually CORRECT ones for the specific domain >registrants who are using them. I am only asking you, Michele Neylon, >in your capacity as Chairman of the Registrars Stakeholder Group, to >tell me how many of the members of your group are even just checking >that the postal addresses in WHOIS records are real, and not entirely >bogus? > >Would that number be zero ? > >I also take profound exception to the following ridiculous "requirement", >which is also present in the 2013 RAA, and which requires registrars to: > > f. Verify: > > i. the email address of the Registered Name Holder (and, if different, > the Account Holder) by sending an email requiring an affirmative > response through a tool-based authentication method such as > providing a unique code that must be returned in a manner > designated by the Registrar, or > > ii. the telephone number of the Registered Name Holder (and, if > different, the Account Holder) by either (A) calling or sending > an SMS to the Registered Name Holder's telephone number providing > a unique code that must be returned in a manner designated by the > Registrar, or (B) calling the Registered Name Holder's telephone > number and requiring the Registered Name Holder to provide a > unique code that was sent to the Registered Name Holder via web, > email or postal mail. > >Simple question: Why is this an either/or? Why aren't registrars required >make at least some effort to validate BOTH the WHOIS contact e-mail address >AND also the WHOIS contact phone number? > >You yourself, Mr. Neylon, negotiated against ICANN for the inclusion of >this language into the 2013 RAA, so perhaps you can explain to us all >why the registrars aren't required to lift a finger to validate the >phone numbers that appear in WHOIS records. > >I, for one, would really like to hear you try to explain that. > >I understand that you have a *political* (and financially incentivized) >viewpoint that domain registrants should be able to remain secretive >and anonymous, regardless of whether or not that is in the best >interests of the 2+ billion ordinary (and honest) users of the internet. >And it would appear that you and your fellow registrars were able to >prevail in this argument, and in this political viewpoint, specifically >when you were negotiating the terms and conditions of the 2013 RAA against >ICANN. What I don't understand is why there is all of this pretense in >the RAA to make it *appear* as if there really are some requirements >imposed upon domain registrars to do some work to validate WHOIS information, >when in fact, the plain language of the 2013 RAA, as quoted above, makes >it abundantly clear that in fact, your group, the registrars, are only >required to do the absolute bare minimum, and to look only at the WHOIS >contact e-mail addresses... data values that are provably useless for >actually identifying the domain registrant. > >So why all of the pretense? Why didn't the 2013 RAA just simply state >the obvious truth, i.e. that "Registrars are only required to make an >effort to validate JUST the e-mail address" ? > >You negotiated the 2013 RAA Mr. Neylon. Please explain. > > >Regards, >rfg >
- Previous message (by thread): [anti-abuse-wg] ICANN's "Money Grab"
- Next message (by thread): [anti-abuse-wg] ICANN's "Money Grab"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]